Changes

1,174 bytes added ,  14:50, 14 November 2019
m
no edit summary
Line 65: Line 65:  
class SplunkLookupError(object):
 
class SplunkLookupError(object):
 
     pass
 
     pass
 +
 +
</syntaxhighlight>Create your own lookup in: /opt/splunk/etc/system/bin
 +
 +
Example : geoip.py<syntaxhighlight lang="python">
 +
from splunk_lookup import SplunkLookup
 +
from geoip2 import database
 +
 +
DB_PATH = '/usr/share/geoip/GeoIP2-City.mmdb'
 +
 +
 +
class Geolocator(object):
 +
    def __init__(self, ip):
 +
        self.ip = ip
 +
        self.city = self.read_city()
 +
 +
    def read_city(self):
 +
        reader = database.Reader(DB_PATH)
 +
        city = reader.city(self.ip)
 +
        reader.close()
 +
        return city
 +
 +
    @property
 +
    def location(self):
 +
        return "{city} ({country})".format(city=unknown_if_none(self.city.city.name),
 +
                                          country=unknown_if_none(self.city.country.name))
 +
 +
 +
def unknown_if_none(text):
 +
    if text is None:
 +
        return 'Unknown'
 +
    return text
 +
 +
 +
class SplunkLookupGeoIP(SplunkLookup):
 +
    def lookup_arg1(self, argument_value2):
 +
        return 'Unknown'
 +
 +
    def lookup_arg2(self, argument_value1):
 +
        try:
 +
            locator = Geolocator(argument_value1)
 +
            return locator.location
 +
        except Exception as e:
 +
            return 'Unknown'
 +
 +
 +
if __name__ == '__main__':
 +
    SplunkLookupGeoIP()
    
</syntaxhighlight>
 
</syntaxhighlight>
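Review bot: In `Geolocator.read_city`, `reader.close()` is skipped whenever `reader.city(self.ip)` raises, which is the expected outcome for private or unlisted addresses, so each miss leaves the database handle open until garbage collection. Writing it as `with database.Reader(DB_PATH) as reader:` followed by `return reader.city(self.ip)` closes it on every path. `lookup_arg2` then hides this and everything else behind `except Exception`, so a missing or unreadable `DB_PATH` yields the same 'Unknown' as an address that is simply absent from the database, and the enriched events give no hint that the lookup itself is broken. Catching only `geoip2.errors.AddressNotFoundError` and `ValueError` there, and letting other errors surface or writing them to stderr, would keep the two cases distinguishable. If `SplunkLookup` calls the method once per row (not visible here), opening the reader once per process instead of once per IP would also be worth doing.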
